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LISTING OF CLAIMS 



1. (previously presented) A method for securely providing 
data of a content provider to a user without trusting an 
internet service provider, wherein the content provider and 
internet service provider are different entities, said 
method comprising; 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data: 

d. decrypting said second encrypted key using said 
first key; and 

e. accessing said data using said second key. 

2. (original) A method as recited in claim 1, further 
comprising the step of transmitting the identity of said 
client machine to said content provider to authenticate that 
said user is using said client machine, thereby permitting 
said data to be accessed only on said client machine. 
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3. (original) A method as recited in claim l, wherein 
said one-time password is a unique user identifier and 
wherein said one-time password is transmitted out of band. 

4. (original) A method as recited in claim l, wherein said 
second key is required in an algorithm that generates a 
session key which is used to decrypt said data. 

5. (previously presented) A method for securely providing 
data of a content provider through an internet service 
provider to a user without trusting an internet service 
provider, wherein said content provider and said internet 
service provider are different entities, said method 
comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password and a 
separate user provided password; 

c. storing said encrypted second key on a client 
machine; and 

when said user desires to access said data: 

d. decrypting said second encrypted key using said 
user provided password; and 

e. accessing said data using said second key. 
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6. (original) A method as recited in claim 5, further 
comprising the step of transmitting the identity of said 
client machine to said content provider to authenticate that 
said user is using said client machine, thereby permitting 
said data to be accessed only on said client machine. 

7. (original) A method as recited in claim 5, wherein 
said one-time password is a unique user identifier and 
wherein said one-time password is transmitted out of band. 

8. (original) A method as recited in claim 5, wherein said 
second key is required in an algorithm that generates a 
session key which is used to decrypt said data. 

9. (previously presented) In a communications network 
having at least a content provider node and a plurality of 
client machines, a method of authenticating a user seeking 
access to secure data of said content provider, wherein said 
user accesses said content provider through an internet 
service provider and wherein said internet service provider 
and said content provider are different entities, said 
method comprising: 

a. transmitting gAa and the identity of the user of 
said one client machine to said content provider node, 
wherein g and a are random numbers and where a is known only 
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to said client machine, and where g is known to both content 
provider and said client machine; 

b. generating gAb f where b is known only to said 
content provider node; 

c. encrypting gAb with a one-time password of said 

user; 

d. calculating gA(a*b) by said client machine using 
-said one-time password to decrypt said encrypted gAb; and 

e. transmitting gA(a*b) to said content provider, 
whereby said client machine's knowledge of gA(a*b) 
authenticates said user to said content provider. 

10. (original) A method as recited in claim 9, further 
comprising the step of transmitting the identity of a 
particular one of said client machines to said content 
provider to authenticate that said user is using said client 
machine, thereby permitting said data to be accessed only on 
said client machine. 

11. (original) A method as recited in claim 9, further 
comprising the step of performing a method authenticated 
code on gA(a*b) at said content provider and transmitting 
the results of performing said method authenticated code to 
said client, where said client machine verifies said results 
to authenticate said content provider. 
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12. (previously presented) A program storage device 
readable by a machine, tangibly embodying a program of 
instructions executable by the machine to perform method 
steps for securely providing data of a content provider to a 
user, wherein data is transmitted to said user from said 
content provider through an internet service provider and 
wherein said content provider and internet service provider 
are different entities, said method comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password; and 

c. storing said encrypted second key on a client 
machine; 

wherein, when said user desires to access said data: 
said second encrypted key is decrypted using said first 
key; and 

said data is accessed using said second key. 

13. (previously presented) A program storage device 
readable by a machine, tangibly embodying a program of 
instructions executable by the machine to perform method 
steps for securely providing data of a content provider to a 
user, wherein data is transmitted to said user from said 
content provider through an internet service provider and 



Y0999-558 



PACE 7/20 ' RCVD AT 10/12/2004 2:21:55 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/2 * DNIS:872830S * CSID:8149621973 • DURATION <mm-ss):0&-02 



Oct. 12 04 Ql:58p 



HNNE V. DOUGHERTY 



9 149621973 



p. 8 



Serial No. 09/468,377 
Art Unit No. 2134 

wherein said content provider and internet service provider 
are different entities, said method comprising: 

a. generating a first key known only to said content 
provider; 

b. encrypting a second key using said first key and 
an encryption algorithm requiring a one-time password and a 
separate user provided password; and 

c. storing said encrypted second key on a client 
machine; 

wherein, when said user desires to access said data: 
said second encrypted key is decrypted using said user 
provided password; and 

said data is accessed using said second key. 

14. (previously presented) A program storage device 
readable by machine, tangibly embodying a program of 
instructions executable by the machine to perform method 
steps in a communications network having at least a content 
provider node and a plurality of client machines, said 
method steps authenticating a user seeking access to secure 
data of said content provider, wherein data is transmitted 
to said user from said content provider through an internet 
service provider and wherein said content provider and 
internet service provider are different entities,, said 
method steps" comprising: 
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a. transmitting gAa and the identity of the user of 
said one client machine to said content provider node, 
wherein g and a are random numbers and where a is known only 
to said client machine, and where g is known to both content 
provider and said client machine; 

b. generating gAb, where b is known only to said 
content provider node; 

encrypting gAb with a one-time password of said 



c. 

user; 

d. 



calculating gA(a*b) by said client machine using 
said one-time password to decrypt said encrypted gAb; and 

e. transmitting gA(a*b) to said content provider, 
whereby said client machine's knowledge of gA(a*b) 
authenticates said user to said content provider. 



15. (previously presented) A computer program product for 
securely providing data of a content provider to a user 
without first trusting an internet service provider, wherein 
data is transmitted to said user from said content provider 
through an internet service provider and wherein said 
content provider and internet service provider are different 
entities, said computer program product comprising: 

a. first instruction means for generating a first key 
known only to said content provider; 
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b. second instruction means for encrypting a second 
key using said first key and an encryption algorithm 
requiring a one-time password; and 

c. third instructions means for storing said 
encrypted second key on a client machine; 

wherein when said user desires to access said data: 
said second encrypted key is decrypted using said first 
key; and 

said data is accessed using said second key. 

16. (previously presented) A computer program product for 
securely providing data of a content provider to a user 
without trusting an internet service provider, wherein data 
is transmitted to said user from said content provider 
through an internet service provider and wherein said 
content provider and internet service provider are different 
entities, said computer program product comprising: 

a. first instruction means for generating a first key 
known only to said content provider; 

b. second instruction means for encrypting a second 
key using said first key and an encryption algorithm 
requiring a one-time password and a separate user provided 
password; and 

c third instruction means for storing said encrypted 
second key on a client machine; 

wherein when said user desires to access said data: 
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said second encrypted key is decrypted using said user 
provided password/ and 

said data is accessed using said second key. 

17. (previously presented) A computer program product for 
use in a communications network having at least a content 
provider node and a plurality of client machines, said 
computer program for authenticating a user seeking access to 
secure data of said content provider, wherein data is 
transmitted to said user from said content provider through 
an internet service provider and wherein said content 
provider and internet service provider are different 
entities, said computer program product comprising: 

a. transmitting gAa and the identity of the user of 
said one client machine to said content provider node, 
wherein g and a are random numbers and where a is known only 
to said client machine, and where g is known to both content 
provider and said client machine; 

b. generating gAb, where b is known only to said 
content provider node; 

c. encrypting gAb with a one-time password of said 



user; 



d. calculating gA(a*b) by said client machine using 
said one-time password to decrypt said encrypted gAb; and 
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e. transmitting gA(a*b) to said content provider, 
whereby said client machine's knowledge of gA(a*b) 
authenticates said user to said content provider. 
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